ahmed-bhs / doctrine-doctor
Runtime analysis tool for Doctrine ORM integrated into Symfony Web Profiler. Unlike static linters, it analyzes actual query execution at runtime to detect performance bottlenecks, security vulnerabilities, and best practice violations during development with real execution context and data.
Type: symfony-bundle
pkg:composer/ahmed-bhs/doctrine-doctor
Requires
- php: ^8.1
- doctrine/doctrine-bundle: ^2.12
- doctrine/orm: ^2.10|^3.0|^4.0
- symfony/framework-bundle: ^6.0|^7.0
- webmozart/assert: ^1.12
Requires (Dev)
- bitbag/coding-standard: ^3.0
- deptrac/deptrac: ^4.2
- php-parallel-lint/php-parallel-lint: ^1.4
- phpmd/phpmd: ^2.15
- phpstan/extension-installer: ^1.4
- phpstan/phpstan: ^2.1
- phpstan/phpstan-doctrine: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpstan/phpstan-symfony: ^2.0
- phpunit/phpunit: ^10.0
- symfony/stopwatch: ^6.0|^7.0
- symfony/var-dumper: ^6.0|^7.0
- symplify/easy-coding-standard: ^12.6
- twig/twig: ^3.0
This package is auto-updated.
Last update: 2025-11-10 21:44:49 UTC
README
Runtime Analysis Tool for Doctrine ORM — Integrated into Symfony Web Profiler
Why Runtime Analysis? Unlike static analysis tools (PHPStan, Psalm) that analyze code without execution, Doctrine Doctor:
Features
66 Specialized Analyzers
- Performance — Detects N+1 queries, missing database indexes, slow queries, excessive hydration, findAll() without limits, setMaxResults() with collection joins, too many JOINs, and query caching opportunities
- Security — Identifies DQL/SQL injection vulnerabilities, QueryBuilder SQL injection risks, sensitive data exposure in serialization, unprotected sensitive fields, and insecure random generators
- Code Quality — Detects cascade configuration issues, bidirectional inconsistencies, missing orphan removal, type mismatches, float usage for money, uninitialized collections, EntityManager in entities, and architectural violations
- Configuration — Validates database charset/collation settings, timezone handling, Gedmo trait configurations, MySQL strict mode, and other database-level configurations
Quick Start
Zero configuration needed — auto-configured via Symfony Flex.
Installation
```bash
composer require --dev ahmed-bhs/doctrine-doctor
```
Auto-configures via Symfony Flex. Check the Doctrine Doctor panel in the Symfony Profiler.
Configuration (Optional)
Configure thresholds in config/packages/dev/doctrine_doctor.yaml:
```yaml
doctrine_doctor:
    analyzers:
        n_plus_one:
            threshold: 3
        slow_query:
            threshold: 50 # milliseconds
```
Full configuration reference →
Example: N+1 Query Detection
**Problem**: Template triggers lazy loading

```php
// Controller
$users = $repository->findAll();
```

```twig
{# Template #}
{% for user in users %}
    {{ user.profile.bio }}
{% endfor %}
```

Triggers 100 queries

**Detection**: Doctrine Doctor detects N+1

- 100 queries instead of 1
- Shows exact query count, execution time, and suggests eager loading
- Real-time detection

**Solution**: Eager load with JOIN

```php
$users = $repository
    ->createQueryBuilder('u')
    ->leftJoin('u.profile', 'p')
    ->addSelect('p')
    ->getQuery()
    ->getResult();
```

Single query
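A minimal sketch of how runtime N+1 detection can work, added here as an illustration and not taken from Doctrine Doctor's own code. It assumes a list of executed SQL strings (constructed below), reduces each to a fingerprint by replacing literals with `?`, and reports fingerprints executed at least `$threshold` times; the function names `fingerprint` and `findRepeatedQueries` are hypothetical, and treating the threshold as "at least N" is an assumption about the `n_plus_one` setting.

```php
<?php

/** Collapse literals so queries that differ only in their values share one fingerprint. */
function fingerprint(string $sql): string
{
    $normalized = preg_replace(
        [
            "/'(?:[^'\\\\]|\\\\.)*'/", // quoted string literals
            '/\b\d+\b/',               // standalone numeric literals (aliases like t0 are untouched)
            '/\s+/',                   // runs of whitespace
        ],
        ['?', '?', ' '],
        $sql
    ) ?? $sql;

    return strtolower(trim($normalized));
}

/**
 * @param string[] $queries executed SQL statements, in order
 * @return array<string,int> fingerprint => execution count, for groups at or above $threshold
 */
function findRepeatedQueries(array $queries, int $threshold = 3): array
{
    $counts = array_count_values(array_map('fingerprint', $queries));
    $repeated = array_filter($counts, static fn (int $n): bool => $n >= $threshold);
    arsort($repeated); // most frequently repeated pattern first

    return $repeated;
}

// Constructed sample log: one query loads the users, then each user's profile is lazy-loaded.
$log = ['SELECT u.id, u.name FROM user u'];
foreach ([1, 2, 3, 4, 5] as $userId) {
    $log[] = "SELECT p.id, p.bio FROM profile p WHERE p.user_id = {$userId}";
}

foreach (findRepeatedQueries($log, 3) as $pattern => $count) {
    printf("Possible N+1: %d executions of \"%s\"\n", $count, $pattern);
}
```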
Documentation
| Document | Description |
|---|---|
| Full Analyzers List | Complete catalog of all 66 analyzers covering performance, security, code quality, and configuration - find the perfect analyzer for your specific needs |
| Architecture Guide | Deep dive into system design, architecture patterns, and technical internals - understand how Doctrine Doctor works under the hood |
| Configuration Reference | Comprehensive guide to all configuration options - customize analyzers, thresholds, and outputs to match your workflow |
| Template Security | Essential security best practices for PHP templates - prevent XSS attacks and ensure safe template rendering |
Contributing
See CONTRIBUTING.md for guidelines.
License
MIT License - see LICENSE for details.
Created by Ahmed EBEN HASSINE

